<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>SQL Injection Test</title>
    <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet">
    <script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
</head>
<body>
<div class="container mt-5">
    <div class="row">
        <div class="col-md-6 offset-md-3">
            <h3 class="text-center">SQL Injection Test</h3>
            <form id="loginForm">
                <div class="form-group">
                    <label for="username">Username</label>
                    <!-- 输入一个合法的用户名 -->
                    <input type="text" class="form-control" id="username" name="username" required>
                </div>
                <div class="form-group">
                    <label for="password">Password</label>
                    <!-- 输入一个注入参数 -->
                    <input type="text" class="form-control" id="password" name="password" required>
                </div>
                <button type="submit" class="btn btn-primary btn-block">Login</button>
                <button type="button" class="btn btn-danger float-right" id="fillLoginBtn">Fill Login</button>
            </form>
            <div id="loginResult" class="mt-3"></div>

            <form id="searchForm" class="mt-5">
                <div class="form-group">
                    <label for="searchUsername">Search Users by Username</label>
                    <!-- 输入一个注入参数 -->
                    <input type="text" class="form-control" id="searchUsername" name="searchUsername" required>
                </div>
                <button type="submit" class="btn btn-secondary btn-block">Search</button>
                <button type="button" class="btn btn-danger float-right" id="fillSearchBtn">Fill Search</button>
            </form>
            <div id="searchResult" class="mt-3"></div>
        </div>
    </div>
</div>

<script>
    $(document).ready(function () {
        // 点击填充登录按钮
        $('#fillLoginBtn').on('click', function() {
            $('#username').val('user');
            $('#password').val('\' OR \'1\'=\'1');
        });

        // 点击填充搜索按钮
        $('#fillSearchBtn').on('click', function() {
            $('#searchUsername').val('\' OR \'1\'=\'1');
        });

        $('#loginForm').on('submit', function (e) {
            e.preventDefault();
            var data = {
                username: $('#username').val(),
                password: $('#password').val()
            };

            $.ajax({
                type: 'GET',
                url: '/login',
                contentType: 'application/json',
                data: data,
                success: function (response) {
                    if (response) {
                        $('#loginResult').html('<div class="alert alert-success">Login Successful</div>');
                    } else {
                        $('#loginResult').html('<div class="alert alert-danger">Login Failed</div>');
                    }
                }
            });
        });

        $('#searchForm').on('submit', function (e) {
            e.preventDefault();
            var username = $('#searchUsername').val();

            $.ajax({
                type: 'GET',
                url: '/search',
                data: { username: username },
                success: function (response) {
                    var resultHtml = '<div class="alert alert-info"><ul>';
                    $.each(response, function(index, user) {
                        resultHtml += '<li>' + user.username + ' - ' + user.password + '</li>';
                    });
                    resultHtml += '</ul></div>';
                    $('#searchResult').html(resultHtml);
                }
            });
        });
    });
</script>
</body>
</html>
